No More Surprise Medical Bills: Providers Score More Victories in First Year of No Surprises Act Arbitrations, But Claims Backlog Otherwise Complicates Implementation

In the year following the implementation of the arbitration process established under the federal No Surprises Act (NSA), more than 330,000 disputes have been submitted for resolution. This figure far outpaces the predictions of the US Departments of Health and Human Services (HHS), Labor, and the Treasury (the Departments), and complicates the implementation of the NSA.

*This is the eighth article in a series analyzing the No Surprises Act and its implementation. To view the entire series, click here.

As background, Congress passed the NSA in 2020, effective in 2022, to curb so-called “surprise” medical bills — balance bills received by patients in situations where they have no control over who is involved in their care. Frequently, patients incur these bills when they obtain emergency care from out-of-network facilities or non-emergency services at in-network facilities where at least one member of the care team is out-of-network. In these situations, the NSA forbids out-of-network providers from balance billing the patients to collect the difference between billed charges and what the patient’s health insurance actually paid. Instead, to protect patients and ensure that reasonable payments are made to providers, the NSA establishes an alternative dispute resolution process, allowing eligible parties to submit disputed claims to independent dispute resolution entities (IDREs) to determine appropriate out-of-network payment rates.

Dispute resolution was intended to be streamlined and efficient, but IDREs have been inundated with submissions in the year since the NSA became effective. The volume of claims has created a significant backlog, hindering providers’ ability to obtain timely and appropriate reimbursement for the services they rendered. In an effort to promote transparency, the Departments recently issued a “status update” on the arbitration process. The report revealed several key findings regarding the volume, eligibility, and outcomes of claims submitted under the NSA to date.

Key Findings of the Status Update Report

First, the report provided insight into the overall numbers of claims that have been filed since the NSA became effective. Since the federal claims submission portal first went live in April 2022, disputing parties have initiated more than 330,000 arbitration submissions. This figure is nearly 14 times greater than the Departments’ initial estimates. The sheer volume of claims has drastically slowed the adjudication of claims submitted under the NSA.

Second, the report states that IDREs have rendered determinations in favor of one party or the other in only a small fraction of cases, with approximately 42,000 disputes decided as of March 31, 2023. Of these, initiating parties (typically health care providers) have prevailed approximately 71% of the time.

Third, to date, IDREs have closed more cases than they have decided. Overall, more than 100,000 claims,  – more than four times the amount anticipated by the Departments, have been closed. There are various reasons for this. Some claims were closed following successful negotiations between the parties. Others were closed due to one or both parties failing to submit the required fees mandated under the NSA. A large number — nearly 40,000 — were closed for eligibility reasons. Non-initiating parties have challenged the eligibility of more than a third of claims submitted for arbitration, balking at approximately 120,000 disputes. Non-initiating parties frequently object that claims are not eligible for arbitration under the NSA for multiple reasons, including lack of timely negotiation or arbitration submission, or because the disputed claims involve insurance programs outside the scope of the NSA.

In addition to the objections lodged by non-initiating parties, the IDREs have an independent duty to confirm that all claims submitted for arbitration are eligible under the NSA. These determinations require IDREs to engage in what can be a complex and time-consuming analysis of each claim, frequently requiring the submission of additional information from the parties. The report finds that these eligibility determinations represent the primary cause for the delays in processing arbitration submissions.

Finally, in an effort to help resolve delays, the status update includes that the Departments have begun to require initiating parties to submit additional information to assist IDREs in evaluating the eligibility of claims. The Departments have also modified the arbitration portal to require the input of additional information to enable non-initiating parties to identify disputed claims. These are among the “ongoing technical and operational improvements” the report states the Departments have been making over the last year.

Looking Ahead: Additional Legislation and Ongoing Court Challenges

The report highlights a series of problems that have hampered the implementation of the NSA, including larger-than-expected dispute volume, complex eligibility determinations, and technical issues. Collectively, these problems have left many parties awaiting arbitration awards and payment.

Meanwhile, the legal challenges to the Departments’ implementing regulations under the NSA continue, and HHS Secretary Xavier Bacerra recently testified before Congress regarding the implementation of the NSA. These developments have fueled speculation that Congress may step in and pass additional legislation to streamline the arbitration process. While these events play out, providers should continue to submit timely open negotiation notices and IDR initiation forms to preserve their rights under the NSA.

A copy of CMS’s report can be found here.

© 2023 ArentFox Schiff LLP

For more Healthcare Legal News, click here to visit the National Law Review.

The End of the COVID Public Health Emergency and Its Effect on Employee Benefit Plans

The COVID-19 public health emergency ends on May 11, 2023. The emergency resulted in two big changes to welfare plans: the relaxation of certain notification and timing requirements, and the requirement for plans to cover COVID testing and vaccination at no cost to plan participants. While the public health emergency ends May 11, 2023, plans have a grace period until July 11 to take certain actions and come into compliance with the normal rules.

Plan Sponsor Requirements

Before the grace period ends, plan sponsors will generally need to follow the rules that existed before COVID. Among the most important of these rules are the requirements for plan sponsors to:

  • Timely provide all notices, including those for HIPAA and COBRA.
  • Review COVID-related coverage under their employee assistance programs (EAPs) to determine if such coverage would be considered “significant medical care,” which can result in additional reporting and compliance obligations.
  • Review telehealth options to ensure they are properly integrated and provided by an entity that can comply with the post-COVID requirements. Telehealth rules were substantially relaxed during COVID. With telehealth now expected and utilized by more participants, getting telehealth right is more crucial than before.

Plan Sponsor Decisions

With the end of the public health emergency, plan sponsors must also make several important decisions with respect to their employee benefit plans:

  • Whether testing will continue free of charge or will be subject to cost sharing.
  • Whether non-preventative care vaccines for COVID will continue to be free of charge.
  • Whether costs for certain COVID-related services will continue to be posted.

As they are mostly based on what costs the plan sponsor or plan will cover going forward, these plan sponsor decisions are largely business-related. In the absence of a choice by the plan sponsor, the insurance provider will likely make a default choice. The important legal consideration is that the plan documents and employee communications should be consistent and accurately reflect the plan sponsor’s decisions.

Participant Requirements

In addition to the changes for plan sponsors, the end of the public health emergency will result in the reinstatement of a number of rules applicable to participants. Participants will need to:

Follow the HIPAA Special Enrollment timing rules.

Elect COBRA within the 60-day window for elections.

Make all COBRA payments timely.

Timely notify the plan of disabilities and qualifying events under COBRA.

Follow the timing limitations of their plans and insurance policies regarding filing claims, appeals, and external reviews.

Next Steps

First, plan sponsors should decide what COVID-related coverage will remain fully paid by the plan, if any. Some insurance companies are already starting to communicate with participants, and maintaining a consistent message will avoid unnecessary problems.

Second, plan sponsors should review their EAP and telehealth coverages for compliance with the rules that will soon be in effect. To the extent necessary, plan sponsors should update the documentation for their plans.

Finally, plan sponsors should consider a voluntary reminder communication to participants. Many rules have been relaxed over the last two years or so, and participants may be confused regarding the rules. A reminder may save stress for participants and those administering the plan, and will also serve to document the plan sponsor’s intention to properly follow the terms of the plan.

© 2023 Varnum LLP

For more healthcare legal news, click here to visit the National Law Review.

Software as a Medical Device: Challenges Facing the Industry

SaMD Blog Series: Introduction

Editor’s Note: We are excited to announce that this article is the first of a series addressing Software as a Medical Device and the issues that plague digital health companies, investors, clinicians and other organizations that utilize software and medical devices. We will be addressing various considerations including technology, data, intellectual property, licensing, and contracting.

The intersection of software, technology and health care and the proliferation of software as a medical device in the health care arena has become common place and has spurred significant innovations. The term Software as a Medical Device (SaMD) is defined by the International Medical Device Regulators Forum as “software intended to be used for one or more medical purposes that perform these purposes without being part of a hardware medical device.” In other words, SaMD need not be part of a physical device to achieve its intended purpose. For instance, SaMD could be an application on a mobile phone and not be connected to a physical medical device.

With the proliferation of SaMD also comes the need for those building and using it to firmly grasp legal and regulatory considerations to ensure successful use and commercialization. Over the next several weeks, we will be addressing some of more common issues faced by digital health companies, investors, innovators, and clinicians when developing, utilizing, or commercializing SaMD. The Food and Drug Administration (FDA) has already cleared a significant amount of SaMD, including more than 500 algorithms employing artificial intelligence (AI). Some notable examples include FDA-cleared SaMD such as wearable technology for remote patient monitoring; doctor prescribed video game treatment for children with ADHD; fully immersive virtual reality tools for both physical therapy and mental wellness; and end to end software that generates 3D printed models to better plan surgery and reduce operation time. With this rapid innovation comes a host of legal and regulatory considerations which will be discussed over the course of this SaMD Blog Series.

General Intellectual Property (IP) Considerations for SaMD

This edition will discuss the sophisticated IP strategies that can be used to protect innovations for the three categories of software for biomedical applications: SaMD, software in a medical device, and software used in the manufacture or maintenance of a medical device, including clinical trial collaboration and sponsored research agreements, filing patent applications, and pursuing other forms of protection, such as trade secrets.

Licensing and Contracting with Third Parties for SaMD

This edition will unpack engaging with third parties practically and comprehensively, whether in the context of (i) developing new SaMD or (ii) refining or testing existing SaMD. Data and IP can be effectively either owned or licensed, provided such licenses protect the future interests of the licensee. Such ownership and licensing are particularly important in the AI and machine learning space, which is one area of focus for this edition.

FDA Considerations for SaMD

This edition will explore how FDA is regulating SaMD, which will include a discussion of what constitutes a regulated device, legislative actions to spur innovation, and how FDA is approaching regulation of specific categories of SaMD such as clinical decision support software, general wellness applications, and other mobile medical devices. It will also examine the different regulatory pathways for SaMD and FDA’s current focus on Cybersecurity issues for software.

Health Care Regulatory and Reimbursement Considerations for SAMD

This edition will discuss the intersection of remote monitoring services and SaMD, prescription digital therapeutics and how they intersect with SaMD, licensure and distributor considerations associated with commercializing SaMD, and the growing trend to seek out device specific codes for SaMD.

Our hope is that this series will be a starting point for digital health companies, investors, innovators, and clinicians as each approaches development and use of SaMD as part of their business and clinical offerings.

© 2023 Foley & Lardner LLP

For more information on Healthcare, click here to visit the National Law Review.

 

Health Care Immigration: Alleviating the U.S. Nursing Shortage

The nursing shortage has been a persistent problem in the United States for decades, with experts predicting it will only worsen in the coming years. Many factors contribute to the nursing shortage, including an aging population, the retirement of experienced nurses, and an increasing demand for healthcare services. One potential solution to the shortage is immigration law, which can help bring in qualified nurses from other countries to work in the United States.

The nursing shortage is a complex issue that affects the entire healthcare system. Nurses play a crucial role in providing high-quality care to patients, and their absence can have serious consequences for patient outcomes. According to McKinsey, the United States may have a gap of between 200,000 to 450,000 nurses available for direct patient care by 2025. This shortage is not limited to registered nurses; there is also a shortage of licensed practical nurses, nurse practitioners, and other healthcare professionals.

One way to address the nursing shortage is to attract qualified nurses from other countries. The United States has a long history of welcoming immigrants from all over the world, including healthcare professionals.

Employment Immigration Sponsorship to Meet U.S. Nursing Demands

Several immigration options are available for nurses who wish to work in the United States. The most common options are the H-1B visa, the TN visa, and the EB-3 visa:

  • The H-1B visa is a non-immigrant visa that allows employers to temporarily hire foreign workers in specialty occupations. Registered nurses qualify as workers in a specialty occupation, so they are eligible. The H-1B visa is valid for up to three years and can be extended for an additional three years. However, there is a cap on the number of H-1B visas issued each year and the competition for these visas is often high.
  • The TN visa is a non-immigrant visa available to Canadian and Mexican citizens under the North American Free Trade Agreement (NAFTA). Nurses who are citizens of Canada or Mexico and have the necessary qualifications can apply for the TN visa to work in the United States. The visa is valid for up to three years and can be renewed indefinitely.
  • The EB-3 visa is an immigrant visa available to foreign workers in skilled or unskilled positions. Nurses qualify as skilled workers and can apply for the EB-3 visa. The visa requires an employer to sponsor the nurse, who must have a permanent job offer in the United States. The EB-3 visa is subject to a lengthy application process and may take several years to obtain.

In addition to these options, certain state-specific programs allow foreign nurses to work in those states. For example, the Health Professional Shortage Area (HPSA) program allows foreign nurses to work in areas with a shortage of healthcare professionals. The Conrad State 30 program allows foreign nurses to work in certain states for up to three years if they agree to work in underserved areas.

It is important to note that each immigration option has its own set of requirements and limitations. Nurses who are interested in working in the United States and health care providers seeking foreign talent must consult with an experienced immigration attorney to determine the best option for their specific situation.

Overall, immigration law provides options for foreign nurses who wish to work in the United States. As they take advantage of these options, the nursing shortage in the United States can be alleviated, and patients can receive the high-quality care they need and deserve.

Immigration Policy Updates are Critical to Close the Nursing Shortage Gap

While there exist many employment immigration visas that help alleviate the pressure of the ongoing nursing shortage on the health care industry, immigration laws, regulations, and administrative policies can make it difficult for foreign nurses to work in the United States. Strategic updates to these laws, regulations, and administrative policies are critical to permit foreign nurses to enter the nursing labor market.

One change is to streamline the visa process for foreign nurses. Currently, the process of obtaining a visa to work in the United States can be time-consuming and complicated. Many foreign nurses face significant barriers such as language proficiency exams, educational requirements, and visa quotas. By simplifying the visa process and reducing these barriers, the United States could recruit more foreign nurses to work here.

Another change is to provide incentives for foreign nurses to come to the United States. For example, the government could offer financial assistance to help them cover the cost of their relocation and provide support services to help them adjust to their new home. Additionally, employers could offer signing bonuses, tuition reimbursement, and other benefits to attract foreign nurses.

Finally, immigration agencies can develop partnerships with other countries to increase the number of nurses trained abroad. Many countries, particularly developing nations, have large numbers of qualified nurses who are unable to find work in their home countries. By partnering with these countries, the United States could help train more nurses and provide them with opportunities to work in the United States.

The nursing shortage is a serious problem that requires innovative solutions. Immigration law already plays a crucial role in addressing the shortage. This role, however, can grow through streamlining the visa process, providing incentives for foreign nurses to come to the United States, and creating partnerships with other countries.

©2023 Norris McLaughlin P.A., All Rights Reserved

The FTC Announces First Health Breach Notification Rule Enforcement Action

On February 1, the Federal Trade Commission (“FTC”) announced enforcement action for the first time under its Health Breach Notification Rule[1]. The complaint against telehealth and prescription drug discount provider GoodRx Holdings Inc. (“GoodRx”), alleges its failure to notify consumers and others of its unauthorized disclosures of consumers’ personal health information to Facebook, Google and other companies.

In a first-of-its-kind proposed order, filed by the Department of Justice on behalf of the FTC, GoodRx will be prohibited from sharing user health data with applicable third parties for advertising purposes, and has agreed to pay a $1.5 million civil penalty for violating the rule. The proposed order must be approved by the federal court to go into effect. The Health Breach Notification Rule requires vendors of personal health records and related entities, which are not covered by the Health Insurance Portability and Accountability Act (HIPAA), to notify consumers and the FTC of unauthorized disclosures. In a September 2021 policy statement, the FTC warned health apps and connected devices that they must comply with the rule.

According to the FTC’s complaint, for years GoodRx violated the FTC Act by sharing sensitive personal health information with advertising companies and platforms—contrary to its privacy promises—and failed to report these unauthorized disclosures as required by the Health Breach Notification Rule.  Specifically, the FTC claims GoodRx shared personal health information with Facebook, Google, Criteo and others. According to the FTC, since at least 2017, GoodRx deceptively promised its users that it would never share personal health information with advertisers or other third parties. GoodRx repeatedly violated this promise by sharing sensitive personal health information—such as including its users’ prescription medications and personal health conditions.

The FTC also alleges GoodRx monetized its users’ personal health information, and used data it shared with Facebook to target GoodRx’s own users with personalized health and medication-specific advertisements on Facebook and Instagram.

The FTC further alleges that GoodRx:

  • Failed to Limit Third-Party Use of Personal Health Information: GoodRx allowed third parties it shared data with to use that information for their own internal purposes, including for research and development or to improve advertising.
  • Misrepresented its HIPAA Compliance: GoodRx displayed a seal at the bottom of its telehealth services homepage falsely suggesting to consumers that it complied with the Health Insurance Portability and Accountability Act of 1996 (HIPAA), a law that sets forth privacy and information security protections for health data.
  • Failed to Implement Policies to Protect Personal Health Information: GoodRx failed to maintain sufficient policies or procedures to protect its users’ personal health information. Until a consumer watchdog publicly revealed GoodRx’s actions in February 2020, GoodRx had no sufficient formal, written, or standard privacy or data sharing policies or compliance programs in place.

In addition to the $1.5 million penalty for violating the rule, the proposed federal court order also prohibits GoodRx from engaging in the deceptive practices outlined in the complaint and requires the company to comply with the Health Breach Notification Rule. To remedy the FTC’s numerous allegations, other provisions of the proposed order against GoodRx also:

  • Prohibit the sharing of health data for advertising: GoodRx will be permanently prohibited from disclosing user health information with applicable third parties for advertising purposes.
  • Require user consent for any other sharing: GoodRx must obtain users’ affirmative express consent before disclosing user health information with applicable third parties for other purposes. The order requires the company to clearly and conspicuously detail the categories of health information that it will disclose to third parties.  It also prohibits the company from using manipulative designs, known as dark patterns, to obtain users’ consent to share the information.
  • Require the company to seek deletion of data: GoodRx must direct third parties to delete the consumer health data that was shared with them and inform consumers about the breaches and the FTC’s enforcement action against the company.
  • Limit Retention of Data: GoodRx will be required to limit how long it can retain personal and health information according to a data retention schedule. It also must publicly post a retention schedule and detail the information it collects and why such data collection is necessary.
  • Implement a Mandated Privacy Program: GoodRx must put in place a comprehensive privacy program that includes strong safeguards to protect consumer data.

© 2023 Dinsmore & Shohl LLP. All rights reserved.

For more Cybersecurity and Privacy Legal News, click here to visit the National Law Review


FOOTNOTES

[1] 16 CFR Part 318

FDA’s Digital Health High Notes from 2022

There has been a lot of discussion lately of the Food and Drug Omnibus Reform Act of 2022 (FDORA), which was enacted on December 29, 2022 as part of the larger Consolidated Appropriations Act for 2023 (you can find our blog post on it here). As important as these kinds of future reforms are to medical product developers, we should also take a moment to review last year’s actions and policy updates on digital health from the Food and Drug Administration (FDA) and to reflect on the transformations that have been taking place at the agency as a result of the rapid pace of innovation in the field. The year 2022 marked the conclusion of the five-year Software Precertification Pilot Program and the release of the final Clinical Decision Support Software guidance, among other things, although FDA’s digital health policies generally remained consistent. In this post, we summarize the agency’s key actions in the digital health space in 2022.

Expanding into Extended Reality

Over the past few years, FDA has started a number of initiatives to explore the use of virtual, mixed, and augmented reality (the agency typically uses the term “extended reality” to cover all types of immersive digital systems) as therapeutic devices for use by patients in clinical environments and at home. The agency granted marketing authorization to two virtual reality devices for patient use, EaseVRx for chronic pain (de novo classification) and Luminopia One for treatment of lazy eye in children, in 2021 and the CureSight system, also for lazy eye in children, in 2022. It is also conducting multiple internal research projects on medical extended reality within the Center for Devices and Radiological Health (CDRH).

In conjunction with its internal research, FDA is engaging health care professionals and the industry to learn about possible benefits, as well as the risks and limitations, of medical extended reality systems to guide future decisions about the therapeutic and clinical uses of such devices. A meeting of FDA’s Patient Engagement Advisory Committee in July 2022 provided an opportunity for the agency to hear from experts and researchers in the field of extended reality and its uses, as well as companies developing medical extended reality devices and patients who have experienced such devices. The materials from the meeting are available here.

FDA also published a list of medical extended reality devices that have received marketing authorization on its website devoted to the Digital Health Center of Excellence (DHCoE), which is part of CDRH.

Application of extended reality technology and the metaverse to medicine is an exciting area of development, and we expect FDA to continue to be active in the space and to develop formal policies and guidance on extended reality devices in the near future.

Precertification Pilot Ends with Uncertain Future

FDA’s Software Precertification Pilot Program, launched in 2017 to explore innovative methods and approaches to regulating software as a medical device (SaMD), officially ended in September 2022 (see our previous posts on the Precertification program here and here). Although FDA was able to glean some key insights from the pilot, including a better understanding of SaMD manufacturer practices throughout the product life cycle, including design, development, and management of SaMD products, the agency ultimately admitted that it had encountered significant challenges in implementing the pilot program. Such challenges included:

  • limited statutory authorities, which hindered FDA’s ability to gather consistent and harmonized information on manufacturer practices and SaMD performance;
  • focusing only on SaMD for De Novo classification, which limited the number of eligible devices and created issues for testing pilot-specific special controls; and
  • the small number of participants (only nine SaMD manufacturer were accepted to the pilot program).

You can read FDA’s final report from the pilot program here.

FDA may use its observations from the pilot program when developing new guidance or other policies pertaining to SaMD, but any new rules or guidances must be consistent with the agency’s current statutory authorities. It is very likely that we have seen the end of any FDA software precertification program, unless or until Congress decides to grant the agency specific authority to implement a new or different regulatory regime for SaMD.

Leadership Changes at the Digital Health Center of Excellence

The past year marked a number of watershed changes at the DHCoE, including the departure of Bakul Patel, longstanding CDRH official in many capacities and the first director of the DHCoE, and the naming of a new acting director, Brendan O’Leary. Subsequently, in January 2023, the agency named Troy Tazbaz, former senior vice president at Oracle, as the new director of DHCoE. It will be interesting to see how Mr. Tazbaz, a newcomer to the agency, will direct the DHCoE in further developing the regulatory framework for digital health devices and in building strategic partnerships with industry stakeholders.

Digital Health Guidances

FDA introduced a number of new and revised guidance documents relating to digital health technologies in 2022. The following is a list with brief descriptions of each such agency guidance:

  • Clinical Decision Support Software (final guidance) – After a long wait (the previous draft version was published in September 2019), FDA issued a final guidance covering clinical decision support (CDS) software devices on September 28, 2022. You can find our analysis of this critical guidance in this previous post. In addition, FDA created some helpful resources to determine the regulations that may apply to a company’s CDS software or other types of SaMD: a CDS software flowchart, and a Digital Health Policy Navigator.
  • Policy for Device Software Functions and Mobile Medical Applications (revised final guidance) – FDA issued an updated version of this guidance in September 2022 to implement changes consisted with the CDS final guidance.
  • Cybersecurity in Medical Devices: Quality System Considerations and Content of Premarket Submissions (draft guidance) – In recent years, FDA has repeatedly emphasized the importance of addressing cybersecurity in medical devices and has made great efforts in keeping its policies and guidance documents aligned with current cybersecurity recommendations. This guidance describes methods for incorporating cybersecurity into the design and development process for connected medical devices (including SaMD) and for maintaining cybersecurity as part of device quality systems throughout the product lifecycle. Once finalized, this guidance will supersede final guidance Content of Premarket Submissions for Management of Cybersecurity in Medical Devices, issued in October 2014. It is also worth noting that FDORA grants the agency new authorities to require cybersecurity plans as part of premarket submissions for so-called “cyber devices,” which will need to be considered and incorporated into any upcoming final guidance on this topic.
  • Computer-Assisted Detection Devices Applied to Radiology Images and Radiology Device Data – Premarket Notification [510(k)] Submissions (final guidance) & Clinical Performance Assessment: Considerations for Computer-Assisted Detection Devices Applied to Radiology Images and Radiology Device Data in Premarket Notification (510(k)) Submissions (final guidance) – This pair of final guidances describes FDA’s expectations for information included in premarket notification submissions for CADe devices, and specifically for the design of clinical studies to support marketing authorization of such devices. Many companies have developed, or are interested in developing, software with CADe functionality to detect lesions or abnormalities in radiology images for the purpose of assisting human readers, and with the rapid risk of artificial intelligence/machine learning-based software, some manufacturers may seek to develop CADe software that replaces human readers altogether. These guidances are especially useful for companies developing CADe software and preparing for clinical testing and submission to FDA.
  • Electronic Submission Template for Medical Device 510(k) Submissions (final guidance) – Although this guidance does not specifically apply to digital health technologies, it represents an important development for all medical device companies, including digital health device manufacturers. FDA released this guidance in conjunction with the announcement that CDRH will accept electronic submissions of device premarket notifications from all applicants using the electronic submission template and resource (eSTAR) tool. The guidance describes the structure of the template (and helpfully cross-references other guidance documents that relate to each section of the template). FDA has designated October 1, 2023 as the date of full transition to electronic submission for premarket notifications, meaning that FDA will no longer accept eCopies of premarket notification submissions for filing and review as of that date.

As the preceding list highlights, digital health is an active and rapidly advancing field both in the private sector and at FDA. We will continue to monitor and report on notable developments in terms of regulatory policies affecting developers and investors in the broader field.

©1994-2023 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.
For more Food and Drug Legal News, click here to visit the National Law Review

Privacy Tip #359 – GoodRx Settles with FTC for Sharing Health Information for Advertising

The Federal Trade Commission (FTC) announced on February 1, 2023 that it has settled, for $1.5M, its first enforcement action under its Health Breach Notification Rule against GoodRx Holdings, Inc., a telehealth and prescription drug provider.

According to the press release, the FTC alleged that GoodRx failed “to notify consumers and others of its unauthorized disclosures of consumers’ personal health information to Facebook, Google, and other companies.”

In the proposed federal court order (the Order), GoodRx will be “prohibited from sharing user health data with applicable third parties for advertising purposes.” The complaint alleged that GoodRx told consumers that it would not share personal health information, and it monetized users’ personal health information by sharing consumers’ information with third parties such as Facebook and Instagram to help target users with ads for personalized health and medication-specific ads.

The complaint also alleged that GoodRx “compiled lists of its users who had purchased particular medications such as those used to treat heart disease and blood pressure, and uploaded their email addresses, phone numbers, and mobile advertising IDs to Facebook so it could identify their profiles. GoodRx then used that information to target these users with health-related advertisements.” It also alleges that those third parties then used the information received from GoodRx for their own internal purposes to improve the effectiveness of the advertising.

The proposed Order must be approved by a federal court before it can take effect. To address the FTC’s allegations, the Order prohibits the sharing of health data for ads; requires user consent for any other sharing; stipulates that the company must direct third parties to delete consumer health data; limits the retention of data; and implement a mandated privacy program. Click here to read the press release.

Copyright © 2023 Robinson & Cole LLP. All rights reserved.

FDA Finalizes Cannabis Guidance Focusing on Clinical Research and Quality Considerations

On January 23, 2023, the U.S. Food and Drug Administration (FDA) issued its final guidance, “Cannabis and Cannabis-Derived Compounds: Quality Considerations for Clinical Research” (the Final Guidance). The agency outlines current recommendations for drug sponsors developing cannabis and cannabis-derived compounds for use in human drug clinical research. Cannabis and cannabis-derived compounds include botanical raw materials, extracts, and highly purified substances of botanical origin.[i] FDA published the draft version of the guidance in July 2020 and received 60 public comments. Below, we outline key points from the Final Guidance.

Background

  • The Agriculture Improvement Act of 2018 (Public Law 115-334), known as the 2018 Farm Bill, removed “hemp” from the definition of “marihuana” under the Controlled Substances Act (CSA). Now, hemp is not considered a controlled substance. “Hemp” is defined in the 2018 Farm Bill as including cannabis and derivatives or extracts of cannabis with no more than 0.3% by dry weight of the compound delta-9 tetrahydrocannabinol (THC). The Drug Enforcement Administration (DEA) still regulates as Schedule I controlled substances those botanical raw materials, extracts, and derivatives that contain cannabis or cannabis-derived compounds with delta-9 THC content above 0.3% by dry weight.
  • Cannabis and cannabis-derived compounds – even those meeting the 2018 Farm Bill’s definition of “hemp” – are typically subject to the same FDA clinical research regulatory requirements and standards as human drug products containing other substances.

Cannabis Sources and Quality Considerations

  • Sponsors may use cannabis (including hemp) in human drug clinical research if FDA deems the cannabis to be of “adequate quality.” The agency will review quality issues in the context of an investigational new drug (IND) application.
  • Historically, the National Institute on Drug Abuse (NIDA) Drug Supply Program (DSP) was the only domestic, federally legal source of cannabis for clinical research. That is no longer the case. Human drug sponsors may now source cannabis regulated as a Schedule I controlled substance from other DEA-authorized growers.
  • Human drug sponsors should consider the recommendations in FDA’s final guidance, “Botanical Drug Development” (Dec. 2016). Importantly, the agency does not recommend relying on published literature as a substitute for data from a full toxicology program to support drug product development for phase 3 clinical research (and beyond). Dedicated toxicology studies are specifically recommended for 7-COOH-CBD, the major human metabolite of cannabidiol.

CSA Controlled Status

  • When a drug sponsor submits an IND to FDA as part of cannabis-related human drug clinical research, the sponsor should determine the potential controlled substance status of any botanical raw materials, drug substances, and drug products by taking into consideration the delta-9 THC content. The agency encourages sponsors to calculate the delta-9 THC content in the proposed investigational product early in the drug development process and to consult with the DEA.
  • Generally, the delta-9 THC percentage in botanical raw materials is calculated as the amount of delta-9 THC (and THCA) naturally present in a material sample relative to the sample’s dry weight prior to extraction or other manufacturing steps. For intermediates or finished products containing cannabis or a cannabis-derived compound, sponsors should calculate the total delta-9 THC percentage using the composition of the formulation with the amount of water removed (including water contained by excipients). These calculations should not be used for other purposes (e.g., Chemistry Manufacturing and Controls (CMC)).
  • FDA may have concerns with drug abuse liability. As part of the agency’s review of a new drug application (NDA), FDA may conduct an abuse potential assessment. Such an assessment could impact drug product labeling as well as DEA scheduling or rescheduling.

Copyright ©2023 Nelson Mullins Riley & Scarborough LLP

For more Cannabis Legal News, click here to visit the National Law Review.


FOOTNOTES

[i] Fully synthetic versions of substances occurring in cannabis (e.g., dronabinol) fall outside the Final Guidance’s scope.

Will CMS’s Proposed Rule on “Identified Overpayments” Increase Reverse FCA Cases?

On December 27, 2022, the Centers for Medicare & Medicaid Services (CMS) publishedproposed rule which, in part, seeks to amend the existing regulations for Medicare Parts A, B, C, and D regarding the standard for when an “identified” overpayment must be refunded, pursuant to the Affordable Care Act (ACA) and the False Claims Act (FCA) reverse false claims provision. As written, the proposed rule would remove the existing “reasonable diligence” standard for identification of overpayments, and add the “knowing” and “knowingly” FCA definition. As a result, an overpayment would be identified when the entity has actual knowledge of an identified overpayment, or acts in reckless disregard or deliberate ignorance of an identified overpayment. And, a provider is required to refund overpayments it is obliged to refund within 60 days of such identified overpayment.

If this proposed rule is finalized, the Department of Justice (DOJ) and Health and Human Services (HHS) Office of Inspector General’s (OIG) should be applying the same intent standard to their evaluation of potential reverse false claims and Civil Monetary Penalty liability.

The Lay of the Land

Currently, the applicable overpayment regulations state:

A person has identified an overpayment when the person has, or should have through the exercise of reasonable diligence, determined that the person has received an overpayment and quantified the amount of the overpayment. A person should have determined that the person received an overpayment and quantified the amount of the overpayment if the person fails to exercise reasonable diligence and the person in fact received an overpayment.

42 C.F.R. § 401.305(a)(2). In the 2016 Final Rule, CMS agreed “the 60-day time period begins when either the reasonable diligence is completed or on the day the person received credible information of a potential overpayment if the person failed to conduct reasonable diligence and the person in fact received an overpayment.” This reasonable diligence standard allows entities to not only determine credibility of allegations, or issues relating to, a potential overpayment but also, when credible, to conduct a properly scoped internal investigation, during which an entity also accurately quantifies any associated overpayment due for refund.

In the proposed rulemaking, CMS is suggesting instead the following standard:

A person has identified an overpayment when the person knowingly receives or retains an overpayment. The term “knowingly” has the meaning set forth in 31 U.S.C. 3729(b)(1)(A).

31 U.S.C. 3729(b)(1)(A) defines “Knowingly” as any circumstance in which “a person, with respect to information—(i) has actual knowledge of the information; (ii) acts in deliberate ignorance of the truth or falsity of the information; or (iii) acts in reckless disregard of the truth or falsity of the information.”

The currently proposed provision has similar effect to the language CMS proposed in 2012 and, after consideration of comments, ultimately rejected in the 2014 Final Rule (Medicare Advantage and Part D) and 2016 Final Rule (Medicare Part A and Part B). In that final rulemaking, CMS removed the “actual knowledge,” “reckless disregard,” and “deliberate ignorance” terms in favor of the reasonable diligence standard, leaving practitioners to argue that CMS had lowered requisite intent to a standard less than required by the FCA.

Potential Impact

The FCA is a fraud statute, requiring intent. If a company investigating the credibility, issue, and scope of a matter (i.e., exercising reasonable diligence) also diligently determines the scope of a possible refund obligation, it would be difficult for DOJ to credibly claim an entity has acted recklessly, or with deliberate indifference to repayment under the FCA. DOJ’s general practice has been to bring reverse FCA cases when a provider does not investigate credible allegations and does not refund associated overpayments, after identifying them. For example, in a 2015 case, DOJ attorneys stated in a court conference, “[T]his is not a question … of a case where the hospital is diligently working on the claims and it’s on the sixty-first day and they’re still scrambling to go through their spreadsheets, you know, the government wouldn’t be bringing that kind of a claim.” United States ex rel. Kane v. Healthfirst, Inc., 120 F. Supp. 3d 370, 389 (S.D. N.Y. 2015).

It remains to be seen whether this change will result in an increased pursuit of reverse FCA cases. The proposed rule would eliminate an explicit diligence period (generally not to exceed six months, except in particularly complicated analyses, such as under the Physician Self-Referral or “Stark” Law) to ascertain the validity and amount of a potential obligation to refund an overpayment. The proposed rule does not explain whether providers, suppliers, and others still will have an opportunity to conduct a reasonably diligent inquiry into whether any obligation to refund exists at all, prior to the ACA 60-day clock starting to run. Ideally CMS would make clear in any preamble that the government still expects reasonable and professional efforts be undertaken before making refunds, even if that process may take some time to complete

Absent such clarity, the fact remains that it is difficult to “identify” an obligation to refund, much less any refundable amounts, without first validating the alleged overpayment and quantifying any obligation.

Additionally, this standard may prompt entities to submit an HHS-OIG self-disclosure before all facts are known. While OIG requires a disclosing party to conduct an internal investigation prior to submission, it is near impossible to thoroughly investigate issues and identify any refund 60 days from learning of a possible issue that might result in a refund (especially when multiple payors are involved). Even if a disclosing party notes within a self-disclosure that an investigation is ongoing, the disclosing party must certify that it will complete its investigation within 90 days of the submission date – which still may not be enough time based on the complexity of the allegations or claims review required. The resulting back-and-forth of incomplete information likely would create unnecessary delays in reaching a resolution and frustration among all parties involved.

We encourage all providers, suppliers, Medicare Advantage organizations, Part D participants, and other stakeholders to submit comments on this proposed rule. The public has until 5 p.m. ET on February 13, 2023 to submit comments, which are accepted, electronically or by mail.

© 2023 Foley & Lardner LLP

CMS Issues Calendar Year 2023 Home Health Final Rule

On November 4, 2022, the Centers for Medicare & Medicaid Services (CMS) published the calendar year 2023 Home Health Prospective Payment System Rate final rule, which updates Medicare payment policies and rates for home health agencies.  Some of the key changes implemented by the final rule are summarized below.

  • Home Health Payment Rates. Instead of imposing a significant rate cut, as was included in the proposed rule released earlier this year, CMS has increased calendar year 2023 Medicare payments to home health agencies by 0.7 percent or $125 million in comparison to calendar year 2022.

 

  • Patient-Driven Groupings Model and Behavioral Changes. A -3.925 percent permanent adjustment to the 30-day payment rate has been implemented for calendar year 2023. The purpose of this adjustment is to ensure that aggregate expenditures under the new patient-driven groupings model payment system are equal to what they would have been under the old payment system. Additional permanent adjustments are expected to be proposed in future rulemaking.

 

  • Permanent Cap on Wage Index Decreases. The rule finalizes a permanent 5 percent cap on negative wage index changes for home health agencies.

 

  • Recalibration of Patient-Driven Groupings Model Case-Mix Weights. CMS has finalized the recalibration of the case-mix weights, including the functional levels and co-morbidity adjustment subgroups and the low utilization payment adjustment thresholds, using calendar year 2021 data in an effort to more accurately pay for the types of patients home health agencies are serving.

 

  • Telehealth. CMS plans to begin collecting data on the use of telecommunications technology under the home health benefit on a voluntary basis beginning on January 1, 2023, and on a mandatory basis beginning on July 1, 2023. Further program instruction for reporting this information on home health claims is expected to be issued in January of 2023.

 

  • Home Infusion Therapy Benefit. The Consumer Price Index for all urban consumers for June 2022 is 9.1 percent and the corresponding productivity adjustment is a reduction of 0.4 percent. Therefore, the final home infusion therapy payment rate update for calendar year 2023 is an increase of 8.7 percent. The standardization factor, the final geographic adjustment factors, national home infusion therapy payment rates, and locality-adjusted home infusion therapy payment rates will be posted on CMS’ Home Infusion Therapy Services webpage once the rates are finalized.

 

  • Finalization of All-Payer Policy for the Home Health Quality Reporting Program. CMS has ended the temporary suspension of Outcome and Assessment Information Set (OASIS) data collection on non-Medicare/non-Medicaid home health agency patients. Beginning in calendar year 2027, home health agencies will be required to submit all-payer OASIS data, with two quarters of data required for program year 2027. A phase-in period will occur from January 1, 2025 through June 30, 2025, and during that time the failure to submit the data will not result in a penalty.

 

  • Health Equity Request for Information. The comments received from stakeholders providing feedback on health equity measure development for the Home Health Quality Reporting Program and the potential future application of health equity in the Home Health Value-Based Purchasing Expanded Model’s scoring and payment methodologies are summarized in the final rule.

 

  • Baseline Years in the Expanded Home Health Value-Based Purchasing (HHVBP) Model. For the Expanded Home Health Value-Based Purchasing Expanded Model, CMS is: updating definitions, changing the home health agency baseline calendar year (from 2019 to 2022 for existing home health agencies with a Medicare certification date prior to January 1, 2019, and from 2021 to 2022 for home health agencies with a Medicare certification date prior to January 1, 2022); and changing the model baseline calendar year from 2019 to 2022 starting in 2023.

For more Health Care legal news, click here to visit the National Law Review.

Copyright © 2022 Robinson & Cole LLP. All rights reserved.